The information commissioner has dropped an enforcement notice against Marks & Spencer after the retailer encrypted every laptop across the organisation following a major security breach.

Download this free guide

The importance of web security

Join us as we take a look at the different approaches you can take in order to bolster your web security. We find out how to identify and address overlooked web security vulnerabilities, how security controls affect web security assessment results and why web opportunities must be met with appropriate security controls.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

The Information Commissioner's Office (ICO) issued the enforcement notice in January after it found M&S in breach of the Data Protection Act, following the theft of an unecrypted laptop containing the personal information of 26,000 M&S employees.

The laptop, which contained details on employees' names, salary details, addresses, national insurance numbers, dates of birth and phone numbers, was stolen from a printing company.

The ICO cancelled the enforcement notice after Marks & Spencer confirmed it had completed its encryption programme in July.

Darrell Stein, IT director at M&S, told the ICO in a letter on 8 July that all 4,352 laptops in the organisation across 11 countries had been encrypted using software from Utimaco.

"Marks & Spencer will continue to ensure that personal data stored on laptops, including those acquired in future, are encrypted," he said.

M&S had originally appealed against the enforcement notice, in a case due to be heard this week, but withdrew the appeal in mid-July following the ICO's decision to drop the enforcement notice.

The retailer hired Morse, Computacenter and law firm Field Fisher Waterhouse to advise on the programme.

The printing firm had the database to allow it to write to employees about changes in the pension scheme. Marks & Spencer said the laptop was password-protected.

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy